- All Exams Instant Download
How is this type of conversation classified?
At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?A . Phishing attackB . Password Revelation StrategyC . PiggybackingD . Social EngineeringView AnswerAnswer: D
Which security principle is violated by running all processes as root or administrator?
Which security principle is violated by running all processes as root or administrator?A . principle of least privilegeB . role-based access controlC . separation of dutiesD . trusted computing baseView AnswerAnswer: A
Which method is used to identify a session from a group of logs?
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?A . sequence numbersB . IP identifierC . 5-tupleD . timestampsView AnswerAnswer: C
What is the principle of defense-in-depth?
What is the principle of defense-in-depth?A . Agentless and agent-based protection for security are used.B . Several distinct protective layers are involved.C . Access control models are involved.D . Authentication, authorization, and accounting mechanisms are used.View AnswerAnswer: B
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?A . MAC is controlled by the discretion of the owner and DAC is controlled by an administratorB . MAC is the strictest of all levels of control and DAC is object-based accessC . DAC is controlled...
What is causing the lack of data visibility needed to detect the attack?
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is...
Which kind of attack method is depicted in this string?
Refer to the exhibit. Which kind of attack method is depicted in this string?A . cross-site scriptingB . man-in-the-middleC . SQL injectionD . denial of serviceView AnswerAnswer: A
Which information is available on the server certificate?
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?A . server name, trusted subordinate CA, and private keyB . trusted subordinate CA, public key, and cipher suitesC . trusted...
What are two denial of service attacks? (Choose two.)
What are two denial of service attacks? (Choose two.)A . MITMB . TCP connectionsC . ping of deathD . UDP floodingE . code redView AnswerAnswer: CD
Which event is occurring?
Refer to the exhibit. Which event is occurring?A . A binary named "submit" is running on VM cuckoo1.B . A binary is being submitted to run on VM cuckoo1C . A binary on VM cuckoo1 is being submitted for evaluationD . A URL is being evaluated to see if it...
